Page 34 of 182 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 54EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6.1 antes de v6.1.0.47, 7.0 antes de 7.0.0.29, 8.0 antes de 8.0.0.6, y v8.5 antes de v8.5.0.2 permite a atacantes remotos inyectar arbitraria secuencias de comandos web o HTML a través de los valores de campo artesanales. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM81846 https://exchange.xforce.ibmcloud.com/vulnerabilities/82697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session. IBM WebSphere Application Server (WAS) Liberty Profile v8.5 antes de v8.5.0.2, cuando SSL no está habilitado, no se valida correctamente las cookies de autenticación, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso destinados a través de una sesión HTTP. • http://www-01.ibm.com/support/docview.wss?&uid=swg21632423 http://www-01.ibm.com/support/docview.wss?uid=swg1PM81056 https://exchange.xforce.ibmcloud.com/vulnerabilities/82695 • CWE-287: Improper Authentication •

CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. Vulnerabilidad no especificada en IBM WebSphere Application Server (WAS) v6,1, v7,0 antes de v7.0.0.27, v8.0, y v8.5 tiene un impacto desconocido y vectores de ataque. • http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_2785 •

CVSS: 4.3EPSS: 0%CPEs: 50EXPL: 0

Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cross-site scripting (XSS) en el Virtual Member Manager (VMM) de la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47, v7.0.0.27 antes de v7,0, v8,0 antes de v8.0.0.6 y v8.5 antes de v8.5.0.2 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM71389 http://www.ibm.com/support/docview.wss?uid=swg21622444 https://exchange.xforce.ibmcloud.com/vulnerabilities/81015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 50EXPL: 0

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Cross-site scripting (XSS) en la consola administrativa de IBM WebSphere Application Server (WAS) v6,1 antes de v6.1.0.47, 7,0 antes de 7.0.0.27, 8,0 antes de 8.0.0.6 y 8.5 antes de 8.5.0.2 que permite a atacantes remotos inyectar web script o HTML arbitrario a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM72536 http://www.ibm.com/support/docview.wss?uid=swg21622444 https://exchange.xforce.ibmcloud.com/vulnerabilities/81013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •